institute of internal auditors (iia) indonesia conference ... combine assurance... · sime...
TRANSCRIPT
1
Institute of Internal Auditors (IIA) Indonesia Conference
19-20 August 2015Hotel Tentarem, Jogjakarta
2
Background
1) Operating Landscape
2) Core Values
3) Governance Framework
4) Value Chain
Combined Assurance
1) Group Corporate Assurance
2) Other Assurance Providers
3) IIA Standards
4) Definition
5) Why Combined Assurance
6) Implementing Combined Assurance
7) Areas to focus – Key Risk Area
8) Combined Assurance Matrix
9) Type of Deliverables
10) Recipient to the Deliverables
11) Role of IA Head
12) Benefits & Challenges
3
STRICTLY CONFIDENTIALBackground
Six core businesses: Plantation, Property, Industrial, Motors, Energy & Utilities and Healthcare.
The business portfolio reflects the shareholders’ requirements: A mix of stable and growth businesses.
• World’s 5th largest Caterpillar dealer
• Australia’s largest Caterpillar dealer
(mining)
• China’s leading Caterpillar
dealer
• World’s largest listed oil palm plantation
company in terms of planted area of 523k ha (Malaysia 314k ha; Indonesia
209k ha)
• 6% of world’s CPO output originates from
Sime Darby’s estates
• One of world’s largest BMW dealers
• One of China’s largest independent
BMW dealers
• Largest landbank in Malaysia –59,000 acres
• Largest standalone private hospital with
393 beds
• Leading-edge and JCI-accredited
healthcare
provider in
Malaysia
4
STRICTLY CONFIDENTIALOperating landscape
China
Rapid rate of urbanisationand industrialisation will
drive demand for raw materials and ports services
Growing affluence will spur demand for lifestyle goods e.g. vehicles
Australia The mining boom is a result
of growing demand for
commodities in China and India.
Majority of businesses are in Emerging Asia, the New Economic Powerhouse.
India Population growth and
growing affluence will raise
demand for industrial-based and lifestyle products
Emerging Asia are driven by the following trends:
Population growth and growing affluence
Urbanization and industrialization
Africa Large arable land,
affordable labour and
growing affluence is ideal for Plantation expansion.
5
Respect & Responsibility
Excellence
Enterprising Integrity
Core Values
STRICTLY CONDFIDENTIAL
6
Our core values
Respect & responsibilities
Respect for the individuals we interact with and the environment
that we operate in (internally and externally) and committing to
being responsible in all our actions.
Excellence
Stretch the horizons of growth for ourselves, our business and our
people through our unwavering ambition to achieve outstanding
personal and business results.
Enterprising
Seek and seize opportunities with speed and agility challenging
the set boundaries.
Integrity
Uphold high levels of personal and professional values in all our
business interactions and decisions.
Core Values
STRICTLY CONDFIDENTIAL
7
Estates Mills
REFINERY
KERNEL CRUSHING PLANT
Refineries
Upstream Downstream
SUPPORT
COMMODITIES TRADING
HUMAN RESOURCE
PROCUREMENT ENGINEERING
RESEARCH
TREASURY
IT
SUPPORT
CORP COMM
PLANTATION OPERATION SUSTAINABILITY
LEGAL & SECRETARIAL
QUALITY
Value Chain – Plantation Upstream
PLANTATION ADVISORY
STRATEGY
ACCOUNTS
8
Internal Assurance Provider - 3rd Line of Defense
Auditors are located at various parts of the world,including Malaysia, Australia, China & Hong Kong andIndonesia.
• Control and Compliance Reviews• Information Technology (IT) Reviews
• Environment, Safety and Health (ESH) Reviews• Project Management Reviews• Business Advisory (BA) Reviews
Group Corporate Assurance – Sime Darby
Teams
Malaysia based 131
Regional based 65
Support staff 16
Total 212
9
External Assurance Providers – 3rd line of defense
External Auditors External Consultants
Internal Auditors
Internal Assurance Providers – 2nd line of defense
Group / Divisional Compliance
Group / Divisional Risk Management
Group / Divisional Legal; Strategy & Business Development
Management based assurance – 1st line of defense
Group / Divisional Sustainability and Quality Management
Group / Divisional Procurement, Human Resource, Finance/Acct
Plantation Advisories, Plantation Operations, Plantation Services
Research & Development, Engineering Services
Other Assurance Providers
10
International Professional Practices Framework 2013
1000 – 1300 : Attribute Standards
2000 – 2600 : Performance Standards
Institute of Internal Auditors (IIA) Standards
Standard 2050 – Coordination
The CAE or Internal Audit Head should share information and
coordinate activities with other internal and external providers
of assurance and consulting services to ensure proper coverage
and minimise duplication of efforts
Standard 2110 – Governance
The internal audit activity must assess and make appropriate
recommendations for improving the governance process in
its accomplishment of the following objectives:
• Coordinating the activities of and communicating
information among the board, external and internal
auditors, and management.
11
Combined Assurance - Definition
Combined Assurance defined :
“ the process of integrating and aligning the assurance
processes to maximise the oversight function and control
efficiencies with the objective of optimizing the overall
assurance reporting to the board.
Standards Glossary defines assurance as:
“an objective examination of evidence for the purpose of
providing an independent assessment on governance, risk
management and control processes for the organisation”
12
Why Combined Assurance
Responsibility for assurance activities are traditionally being
shared among management, internal audit, risk management and
compliance
Many companies operate with traditional internal audit, risk and
compliance activities performing different risk management,
compliance and assurance functions independently.
Important to ensure that assurance activities are coordinated to
ensure resources are used in the most efficient and effective way.
Without effective coordination and reporting, work can be
duplicated, or key risks may be missed or misjudged
13
Phase 1
Established Risk Management Process – Strategic,key operational and business unit level risk profiles tobe established.
Mapping of Risks to the Assurance Provider – 1st Lineof Defense,2nd Line of Defense and 3rd Line of Defense
Identify risk areas with overlapping AssuranceProvider for integration.
Phase 2
Decide on the assurance services to be provided.
Identify gaps and the desired assurance service.
Determine deliverables
Coordinate the assurance process.
Implementing Combined Assurance
14
Combined Assurance
Management
1st line of defense
External
Assurance
Provider
2nd line of defense
Internal / External
Assurance
Provider
3rd line of defense
Key Risk
Areas 1.
Integration
Key Risk
Areas 2
Integration
Key Risk
Areas 3
Integration
Key Risk
Areas 4
Integration
15
Combined Assurance Matrix - Key Risk Area 4
Risk 1st Line of
defense
2nd line of
defense
3rd line of
defense
Assurance Service
Provider
Assurance
Approach
Inadequate number
of competent
contractor
Group / Divisional
Procurement
Group/Divisional Risk
Management (GRM)
Internal Auditors
(GCAD) GRM GCAD
Business
Advisory /
Analytical
Review
Backlogs in end-to-
end process from
crops harvesting to
processing and
transporting of CPO
Divisional
Plantation
Operation Dept
(POD)
Divisional Plantation
Advisory, (PA)
Group Sustainability &
Quality Mgmt (GSQM)
Internal Auditors
(GCAD) POD GSQM PA
Special Process
Review
Organization of
legal documents
does not facilitate
efficient access.
Divisional
Plantation Service
Dept (PSD)
Legal & Secretarial
Group / Legal (GL)
Group / Divisional
Compliance (GCO)
External (EA)
Internal Auditors
(GCAD)
GL EA
Control and
Compliance
Review
Non-compliance to
Limit of Authority
Group / Divisional
Finance (Fin)
Group / Divisional
Compliance (GCO)
External / EA)
Internal Auditors
(GCAD)
GF GCO GCAD
Control Self
Assessment
Inability to secure
RSPO & ISPO
certification
Plantation Service
Dept (PSD),
Sustainability &
Quality Mgmt
(PSQM)
Group Sustainability &
Quality Mgmt (GSQM)
External
Consultant (EC) GSQM EC
Business
Advisory
Plant does not meet
requirements in
terms of budget etc.
Plantation
Engineering
Service Dept (ESD)
Strategy & Business
Development (SBD)
Internal Auditors ESD SBD GCAD Post Investment
Review
16
Types of Deliverables from Combined Assurance
Key risk 1 , Key Risk 2 , Key Risk 3, Key Risk 4
Control & Compliance reviews
- Standard Scope and Objective
Control Self Assessment reviews
- Focused Areas
Joint control & compliance review
- Involve Subject Matter Expert
Business Advisory reviews
- Analytical and comprehensive
Special Process Review
Detail investigative review
Post Investment Review
17
Key Output / Deliverables
Senior Operating Unit Management
Regional Operating Unit Management
Regional Head / Senior Management
Regional Head / Divisional Head
Divisional Senior Management
Divisional Board of Directors / Audit Comm
Regional Head / Divisional Head
Divisional Senior Management
Divisional Board of Directors / Audit Committee
Group Senior Management
Group Board of Directors / Group Audit Committee
18
Role of the Internal Audit Head
• IA Head to act as the coordinator of assurance providers to
ensure there are either no gaps in assurance, or the gaps are
known and accepted.
• The IA Head needs to consider areas of inadequate coverage
when developing the internal audit plan.
• The IA Head needs to understand the nature, scope and extent
of the integrated assurance map to consider the work of other
assurance (and rely on it as appropriate) before presenting an
overall opinion on the organisations governance, risk
management and control processes.
• The IA Head reports on any lack of input or involvement from
other assurance providers.
• Senior management and Audit committee need to be advised if
the IA Head believes that the assurance coverage is inadequate
or ineffective.
19
Benefits of Combined Assurance
Governance
Enhancing corporate governance process to be more systematic
Identification of priorities to reduce assurance overdose / fatigue.
Relevant and timely issues for effective mitigating plan
Cost
Cost efficiency through elimination of overlapping assurance providers
Value adding and improving the value of assurance services
Comprehensive deliverable to include gap analysis
Resources
Opportunity for skills / knowledge transfer.
Embedding continuous improvement / coordination between all the
assurance providers for the organization.
Better work efficiency through improved coordination
20
Challenges of Combined Assurance
Governance
Structured Risk Assessment process not established.
Risk assessment process not reaching the operating units
Resources
Assurance providers not prepared for new emerging risks
Skill and experience levels not appropriate for the work.
Support
Management constraint by other pressing priorities
Project Champion lack the required authority
Diminishing continuity
21
Thank you